wip new account etc.
authorIan Jackson <ijackson@chiark.greenend.org.uk>
Tue, 20 Oct 2020 21:19:09 +0000 (22:19 +0100)
committerIan Jackson <ijackson@chiark.greenend.org.uk>
Tue, 20 Oct 2020 21:19:09 +0000 (22:19 +0100)
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
src/accounts.rs
src/cmdlistener.rs
src/global.rs
src/imports.rs
src/spec.rs

index 05416f2329e746621abba32f3449ec78ba50aa54..0676f5e55f6faab39871241cd95663f278b8e272 100644 (file)
@@ -140,7 +140,7 @@ pub mod loaded_acl {
   use crate::imports::*;
 
   pub trait Perm : FromPrimitive + ToPrimitive
-    + Copy + Eq + Hash + Sync + Send { }
+    + Copy + Eq + Hash + Sync + Send + 'static { }
 
   #[derive(Copy,Clone,Debug)]
   pub struct PermSet<P: Perm> (u64, PhantomData<&'static P>);
@@ -157,8 +157,8 @@ pub mod loaded_acl {
   #[derive(Debug,Clone)]
   struct LoadedAclEntry<P: Perm> {
     pat: glob::Pattern,
-    allow: Bitmap,
-    deny: Bitmap,
+    allow: PermSet<P>,
+    deny: PermSet<P>,
     ptype: PhantomData<&'static P>,
   }
 
@@ -170,14 +170,15 @@ pub mod loaded_acl {
     ptype: PhantomData<&'static P>,
   }
 
-  impl<P:Perm> LoadedAcl<P> {
-    fn entries(&'s self) -> impl Iterator<Item=AclEntryRef<'s>> {
-      self.owner_account.map(
+  impl<'e, P:Perm> EffectiveAcl<'e, P> {
+    fn entries(&self) -> impl Iterator<Item=AclEntryRef<'_, P>> {
+      self.owner_account.iter().map(
         |owner|
-        AclEntryRef { pat: Left(owner), allow: !0, deny: 0, ptype }
-      ).chain(self.entries.map(
-        |LoadedAclEntry { pat, allow, deny }|
-        AclEntryRef { pat: Left(pat), allow: allow.0, deny: deny.0 }
+        AclEntryRef { pat: Left(owner), allow: !0, deny: 0,
+                      ptype: PhantomData }
+      ).chain(self.acl.0.iter().map(
+        |&LoadedAclEntry { ref pat, ref allow, ref deny, ptype }|
+        AclEntryRef { pat: Right(pat), allow: allow.0, deny: deny.0, ptype }
       ))
     }
 
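Review bot: The synthetic owner entry in `entries()` is yielded first with `allow: !0, deny: 0`, and nothing at that spot documents it. The check loop visible in the next hunk returns as soon as `needed` reaches 0, so a later ACL entry that denies the owner would presumably never be consulted. If that is intended, a comment above the first `map` should say so, for example `// Owner is implicitly granted every permission, ahead of any explicit ACL entry.` Note also that `!0` sets bits corresponding to no `Perm` variant, which looks harmless for the mask test but is worth stating. The impl block continues outside the hunk.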
@@ -194,17 +195,19 @@ pub mod loaded_acl {
         needed &= !allow;
         if needed == 0 { return Ok(()) }
       }
-      Err(ME::PermissionDenied)
+      Err(MgmtError::PermissionDenied)
     }
   }
 
-  impl<P:Perm> From<I> for PermSet<P> where I: IntoIterator<Item=&P> {
+  impl<'i, P:Perm, I> From<I> for PermSet<P>
+  where I: IntoIterator<Item=&'i P>
+  {
     fn from(i: I) -> Self {
       i.into_iter().fold(0, |b, i| b | i.to_u64().unwrap())
     }
   }
 
-  fn unpack<P:Perm>(unpacked: Bitmap) -> HashSet<P> {
+  fn unpack<P:Perm>(unpacked: PermSet<P>) -> HashSet<P> {
     let mut s = HashSet::new();
     for n in 0.. {
       let v = match FromPrimitive::from_u64(n) { Some(v) => v, None => break };
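Review bot: `From<I> for PermSet<P>` folds with `b | i.to_u64().unwrap()`, which ORs the raw variant numbers together instead of setting one bit per permission. The variant numbered 0 then contributes nothing, and values 1 and 2 combine to 3, which cannot be told apart from variant 3, so the allow/deny masks used by the permission check would not mean what the ACL says. The fold also yields a bare integer rather than a `PermSet`. Both would be fixed by `PermSet(i.into_iter().fold(0, |b, i| b | (1u64 << i.to_u64().unwrap())), PhantomData)`. `unpack` walks `n` over variant numbers, which suggests a bit-index encoding is intended, but its body continues outside the hunk.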
index 190ee91ecbf73d22ed220571d6444592f6222383..0f1075d8ea3372fcafd2709f7ee7fa3f43f91766 100644 (file)
@@ -157,7 +157,7 @@ fn execute_game_insn(cs: &CommandStream,
 
   fn readonly<F: FnOnce(&mut InstanceGuard) -> ExecuteGameInsnResults>(
     cs: &CommandStream,
-    ig: &Unauthorised<InstanceGuard>,
+    ig: &Unauthorised<InstanceGuard, InstanceName>,
     p: PermSet<TablePermission>,
     f: F) -> ExecuteGameInsnResults
   {
@@ -571,6 +571,16 @@ impl CommandStream<'_> {
   }
 }
 
+#[throws(MgmtError)]
+fn authorise_by_account(cs: &CommandStream, wanted: &AccountScope)
+                        -> Authorisation<AccountScope> {
+  let currently = &cs.account.as_ref()?.account;
+  if currently == wanted {
+    return Authorisation::authorised(currently);
+  }
+  throw!(MgmtError::AuthorisationError)
+}
+
 #[throws(MgmtError)]
 fn authorise_scope_direct(cs: &CommandStream, wanted: &AccountScope)
                           -> Authorisation<AccountScope> {
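Review bot: In `authorise_by_account`, `cs.account.as_ref()?` makes the not-logged-in case depend on an implicit `Option`-to-`MgmtError` conversion that is not visible here, so it is unclear which error an unauthenticated connection receives. Mapping it explicitly keeps the failure mode at the point of the check: `let currently = &cs.account.as_ref().ok_or(MgmtError::AuthorisationError)?.account;`. Because this function hands out an `Authorisation` value, it should also carry a doc comment stating that authorisation is granted only when the connection's account equals `wanted` exactly.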
index b597e0b25a320fbcd1c7c4c1bf1bd641f78f8fe6..b24c748adf341fe1d191dd9a16614efb17f0f33e 100644 (file)
@@ -254,7 +254,7 @@ impl InstanceRef {
 
 impl<A> Unauthorised<InstanceGuard<'_>, A> {
   #[throws(MgmtError)]
-  pub fn check_acl(&mut self, p: PermSet<TablePermissions>)
+  pub fn check_acl(&mut self, p: PermSet<TablePermission>)
                    -> &mut InstanceGuard {
     let auth = {
       let acl = self.by(Authorisation::authorise_any()).acl;
index 9c1876118ed65ce368661e964e5cdde6bacb5a14..e5e1093b3229ef248295475be90c88eae82de992 100644 (file)
@@ -105,6 +105,8 @@ pub use serde_with::serde_as;
 
 pub use ordered_float::OrderedFloat;
 
+pub use either::{Either,Left,Right};
+
 pub use crate::global::*;
 pub use crate::gamestate::*;
 pub use crate::pieces::*;
@@ -123,7 +125,7 @@ pub use crate::debugreader::DebugReader;
 pub use crate::shapelib;
 pub use crate::tz::*;
 pub use crate::accounts::*;
-pub use crate::accounts::loaded_acl::{self,LoadedAcl};
+pub use crate::accounts::loaded_acl::{self,LoadedAcl,PermSet};
 
 pub use zcoord::{self, ZCoord};
 
index 44772e854674d8641dd56d07524d2cb0097b126a..dd975760ac44375c7a4f8cbfc9b8c161a35ee832 100644 (file)
@@ -14,6 +14,7 @@ use thiserror::Error;
 use crate::error::display_as_debug;
 use crate::accounts::AccountName;
 use std::hash::Hash;
+use num_derive::{ToPrimitive, FromPrimitive};
 
 pub use implementation::PlayerAccessSpec;
 
@@ -74,7 +75,8 @@ pub struct AclEntry<Perm: Eq + Hash> {
 
 #[derive(Debug,Clone,Copy,Serialize,Deserialize)]
 #[derive(Hash,Eq,PartialEq,Ord,PartialOrd)]
-enum TablePermission {
+#[derive(FromPrimitive,ToPrimitive)]
+pub enum TablePermission {
   AddPlayer,
   ChangePieces,
   RemovePlayer,
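Review bot: `TablePermission` now derives `FromPrimitive`/`ToPrimitive`, and its numeric value is packed into the `u64` inside `PermSet` (src/accounts.rs), but nothing on the enum records that constraint. A comment above the enum, such as `// Variant numbers index bits of PermSet's u64: keep at most 64 variants.`, would stop a later addition from silently overflowing the mask. The enum body continues outside the hunk.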
@@ -223,6 +225,8 @@ pub mod implementation {
   use crate::imports::*;
   type Insn = crate::commands::MgmtGameInstruction;
 
+  impl loaded_acl::Perm for TablePermission { }
+
   type TDE = TokenDeliveryError;
 
   pub fn raw_token_debug_as_str(s: &str, f: &mut fmt::Formatter)